On 12/07/2011 07:25 PM, Patricia Campbell wrote:
I agree with the rest but how is "printer hack is a perfect way to
keep a door open", maybe I'm tired but do you have an example, given
no other point of ingress?
If one system gets compromised it would be logical for the hacker
to then scan the available services, and a printer hack is a
perfect way to keep a door open. Most places would never even
think their printer could be hacked. I am sure many automated bot
type systems immediately scan for all known
printers/routers/embedded devices once it gets inside.
Jeremy
Well, it all depends on your setup of course, but you don't need ingress
when you are already in. The printer can call out, and download new code
or instructions from a remote server. Same way many hacked machines
would. It is also already inside your network, so it can also work on
penetrating other systems, as they say in the article, a "beachhead".
Apparently many of them run vxworks or similar, this is pretty powerful
stuff depending on what is compiled in. The fact the big players don't
digitally sign updates says that most likely the worst scenario is
possible. Either way, they have network stacks.
Jeremy
_______________________________________________
mlug mailing list
[email protected]
https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca
